Hi All, I'm using Fleet with the OSQuery Manager integration for 7.14.0, and I noticed that the data stream it created logs-osquery_manager.result-default is mapping the host.ip field as a keyword. This is causing an issue in Kibana as its causing a mapping conflict within the Kibana Index Pattern l…

Thank you for reporting this issue. Yes, seems like there are more mappings that need to be defined. We will address that in the next versions of the integration package.

@aleksmaus @ruflin thanks for the information. I've found a few similar issues with some of the other integrations. Is there a better place to report these mapping issues, or should I just open up additional forum topics?

If you see mapping issues, best directly open a github issue in https://github.com/elastic/integrations Thanks for reporting these!

OSQuery Manager Integration Mapping IP (`host.ip`) as Keyword

Elastic Stack Beats

ruflin (ruflin) September 3, 2021, 11:27am 2

As you pointed out, it is likely missing in the mappings: https://github.com/elastic/integrations/blob/master/packages/osquery_manager/data_stream/result/fields/osquery.yml

@aleksmaus To not have to map all fields, maybe a dynamic mapping that matches *.ip could be used?

Topic		Replies	Views
Mapping conflict field host.ip Filebeat Beats filebeat	0	523	June 17, 2022
Source.ip.keyword insted of source.ip Kibana	3	2249	October 22, 2020
Osquery exported fields Elastic Security osquery-manager	1	481	January 6, 2022
Beats Default Template Mappings for IP Fields Beats	2	421	August 2, 2018
Conflicting Field Elasticsearch host.ip in metrics- Index Pattern Elastic Agent metricbeat	1	464	February 15, 2023

OSQuery Manager Integration Mapping IP (`host.ip`) as Keyword

Related topics